Solved

Problem with Exchange Certificate

Posted on 2015-01-15
8
93 Views
Last Modified: 2015-01-21
It appeared that we were having a certificate issue on our exchange server. I purchased a new UCC from GoDaddy and installed it.  However, even after installing this and running enabling cmdlet, I continue to get this error. No one can connect via Outlook or OWA. Help.

"The name on the security certificate is invalid or does not match the name of the target site exchangeserver.

... (Error Code 10)
0
Comment
Question by:Philsh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40551651
Did you put all of the correct SAN names on the new cert? When you try to go to mail.domain.com/owa what cert is it trying to use? You can reference the Thumbprint to ensure you are looking at the correct cert. You can find the Thumbprint under the details Tab.

Also re-run get-ExchangeCertificate and ensure that the new cert has all of the appropriate services applied.

Enable-Exchange Certificate -ThumbPrint xxxxxxxxxxxxxxxxxxxxxx -services "smtp,iis,pop,imap"
It should prompt to be the default: Y

Also checking IIS and seeing what cert it is using as well.

Will.
0
 

Author Comment

by:Philsh
ID: 40551657
Reran get-exchangecertificate and it shows all going to the right certificate.  How can I see what IIS is using? Thanks.
0
 

Author Comment

by:Philsh
ID: 40551691
Do I need Exchangeserver as a SAN by itself with no xxx.org at the end?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40551736
You need to have your CN=mail.domain.com and you need to add all of the SAN names to it.
mail.domain.com
autodiscover.mail.com

You then need to make sure that your URL's correspond with the DNS names you have in your certificate SAN names.

Will.
0
 

Author Comment

by:Philsh
ID: 40551910
Looks like a bigger issue. I noticed that my storage groups are disabled. I cannot mount the database files. They are there but I I think the group has been damages as it won't let me enable them.
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 300 total points
ID: 40552018
A new certificate should not have this affect on the storage groups or databases. Looks like it might be a different problem or just a second problem.

Will.
0
 
LVL 26

Assisted Solution

by:-MAS
-MAS earned 200 total points
ID: 40553543
Please check this articles. It may help
EE
Technet

Use this for CSR generation
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
0
 

Author Closing Comment

by:Philsh
ID: 40562210
Multiple issues: both certificate and disk drive.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You need to know the location of the Office templates folder, so that when you create new templates, they are saved to that location, and thus are available for selection when creating new documents.  The steps to find the Templates folder path are …
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question